Suggested improvement to Defender and Floodblocker

[empusa]

Having managed to shut myself out of my own sites several times via both Defender and Floodblocker, I thought I would suggest an improvement.

I would like to be able to add/amend pages without triggering Defender or Floodblocker. I also don't like the idea of switching them off in order to do any updates to the site.

I currently block access to my administrator section to all but three IP addresses. Could these allowed IP addresses be included in /includes/Core/security.php to prevent the allowed IP addresses from triggering Defender and Floodblocker.

Also, allowed IP addresses should then never be added to the blocked list.

That way, Defender can be set to block IP addresses without ever running the risk of locking out the site's administrator.

[Ivan Trebješanin]

Hmmm, are you saying that defender blocked your IP in spite of being on allowed IP list?

[empusa]

Certainly did.

I just got Defender to trigger again to make sure. It also logged me out.

Allowed IP addresses (3)
Only the IP addresses bellow have access to Administration:

• xx.69.91.190    • xx.233.54.56    • xx.32.57.6     


View Logs (1)
#    IP    Date    Filters
1    xx.69.91.190   [GEO 1]   [GEO 2]    Monday, 30 June 2008 16:57:48    mosConfig_

[Ivan Trebješanin]

Ooops... thank you for this info.

[datahell]

The allowed IP feature has an other usage that the blocking one. By adding your IP to the allowed IP addresses does not prevent Defender from blocking you out of the site. The allowed IP feature is used to limit the access to the administration area to only specific IP addresses and should be used only if you have a static Internet connection. Defender and FloodBlocker can not accept exceptions even for the super administrator as they are security tools and there must not be any way to be able to bypass them by spoofing a server request. If Defender/FloodBlocker ban/block you just clear their log files via FTP or edit their config.php file via FTP and disable them temporary until you unban your self.

I believe that both tools are working great and there is no need to change the way they work.

Tip: You can have almost the same result as the allowed IP feature if you use an other Elxis security option the cloaking of the administration login page. It is a fast and easy option that prevents even the login attempts to the administration console.

[rentasite]

I believe that both tools are working great and there is no need to change the way they work.

Exactly !!!

[datahell]

An other thing I wish to add for those having SEO PRO enabled is that the htaccess file used by SEO PRO has build-in some security settings for some Elxis variables such as the mosConfig_... configuration variables. If you use SEO PRO we will see that you have very rare messages from the Elxis Defender and this is because apache blocks that requests before they even proceed to the Elxis Defender. If you disable SEO PRO, Elxis Defender will have much more work to do. I often say that SEO PRO does much more things than a simple URL rewrite and this is one of the additional things it does (an other important task it does is that it fixes automatically some menu related issues). SEO PRO in Elxis 2008.1 goes a step further as it also manages Elxis language.